Windows
Analysis Report
https://omar-tnzxoo.github.io/facebook-mobile/index.html
Overview
General Information
Detection
Score: | 88 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- chrome.exe (PID: 5964 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  - chrome.exe (PID: 3020 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2436 --field-trial-handle=2368,i,1072751731600798288,902568186456143398,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  - chrome.exe (PID: 6696 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5424 --field-trial-handle=2368,i,1072751731600798288,902568186456143398,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  - chrome.exe (PID: 6708 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5408 --field-trial-handle=2368,i,1072751731600798288,902568186456143398,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
- chrome.exe (PID: 6300 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://omar-tnzxoo.github.io/facebook-mobile/index.html" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
- cleanup
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_HtmlPhish_10 | Yara detected HtmlPhish_10 | Joe Security |
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_HtmlPhish_64 | Yara detected HtmlPhish_64 | Joe Security | ||
JoeSecurity_HtmlPhish_10 | Yara detected HtmlPhish_10 | Joe Security |
AV Detection |
---|
Source: | SlashNext: |
Phishing |
---|
Source: | LLM: |
Source: | Page Title: | ||
Source: | File source: | ||
Source: | HTTP Parser: |
Source: | Matcher: |
Source: | HTTPS traffic detected: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | HTTP traffic detected: | ||
Source: | DNS traffic detected: | ||
Source: | String found in binary or memory: | ||
Source: | Network traffic detected: | ||
Source: | File created: | Jump to behavior | ||
Source: | File deleted: | Jump to behavior |
Source: | Classification label: |
Source: | Process created: | |||
Source: | Window detected: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | Path Interception | 1 Process Injection | 1 Masquerading | OS Credential Dumping | System Service Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 2 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 File Deletion | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 3 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 1 Ingress Tool Transfer | Traffic Duplication | Data Destruction |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
100% | SlashNext | Credential Stealing type: Phishing & Social Engineering |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | URL Reputation | safe | ||
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
omar-tnzxoo.github.io | 185.199.109.153 | true | true | unknown | |
bg.microsoft.map.fastly.net | 199.232.210.172 | true | false | unknown | |
www.google.com | 142.250.185.132 | true | false | unknown | |
fp2e7a.wpc.phicdn.net | 192.229.221.95 | true | false | unknown | |
198.187.3.20.in-addr.arpa | unknown | unknown | false | unknown |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
false | unknown |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false |
| unknown | ||
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
142.250.185.132 | www.google.com | United States | 15169 | GOOGLEUS | false |
185.199.109.153 | omar-tnzxoo.github.io | Netherlands | 54113 | FASTLYUS | true |
239.255.255.250 | unknown | Reserved | unknown | unknown | false |
185.199.110.153 | unknown | Netherlands | 54113 | FASTLYUS | false |
142.250.74.196 | unknown | United States | 15169 | GOOGLEUS | false |
IP |
---|
192.168.2.4 |
192.168.2.5 |
Joe Sandbox version: | 41.0.0 Charoite |
Analysis ID: | 1521936 |
Start date and time: | 2024-09-29 06:05:38 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 3m 23s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | browseurl.jbs |
Sample URL: | https://omar-tnzxoo.github.io/facebook-mobile/index.html |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 11 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal88.phis.win@27/20@8/7 |
EGA Information: | Failed |
- Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 142.250.185.131, 142.250.186.110, 64.233.184.84, 34.104.35.123, 142.250.186.42, 142.250.185.227, 172.217.18.106, 142.250.185.202, 172.217.16.138, 142.250.185.170, 142.250.185.74, 142.250.184.234, 142.250.185.138, 142.250.184.202, 142.250.186.170, 142.250.186.138, 142.250.185.106, 142.250.181.234, 142.250.185.234, 216.58.206.42, 172.217.23.106, 199.232.210.172, 192.229.221.95, 13.85.23.206, 20.3.187.198
- Excluded domains from analysis (whitelisted): fonts.googleapis.com, fs.microsoft.com, accounts.google.com, content-autofill.googleapis.com, slscr.update.microsoft.com, fonts.gstatic.com, ctldl.windowsupdate.com.delivery.microsoft.com, clientservices.googleapis.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, ocsp.digicert.com, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, update.googleapis.com, clients.l.google.com, wu-b-net.trafficmanager.net
- Not all processes were analyzed, report is missing behavior information
- Report size getting too big, too many NtSetInformationFile calls found.
- Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
- VT rate limit hit for: https://omar-tnzxoo.github.io/facebook-mobile/index.html
Input | Output |
---|---|
URL: https://omar-tnzxoo.github.io/facebook-mobile/index.html Model: jbxai | { "brand":["facebook"], "contains_trigger_text":false, "trigger_text":"", "prominent_button_name":"Login", "text_input_field_labels":["Email or phone number", "Password"], "pdf_icon_visible":false, "has_visible_captcha":false, "has_urgent_text":false, "has_visible_qrcode":false} |
URL: https://omar-tnzxoo.github.io/facebook-mobile/index.html Model: jbxai | { "phishing_score":9, "brands":"facebook", "legit_domain":"facebook.com", "classification":"wellknown", "reasons":["The brand 'Facebook' is well-known and has a widely recognized legitimate domain 'facebook.com'.", "The provided URL 'omar-tnzxoo.github.io' does not match the legitimate domain name for Facebook.", "The URL 'omar-tnzxoo.github.io' is hosted on GitHub Pages, which is a common platform for hosting personal or project pages, not official brand pages.", "The use of GitHub Pages for a brand like Facebook is highly unusual and suspicious.", "The input fields 'Email or phone number' and 'Password' are typical for login forms, which are commonly targeted in phishing attacks."], "brand_matches":[false], "url_match":false, "brand_input":"facebook", "input_fields":"Email or phone number, Password"} |
C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping5964_828522034\LICENSE
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Category: | dropped |
Size (bytes): | 1558 |
Entropy (8bit): | 5.11458514637545 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping5964_828522034\_metadata\verified_contents.json
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Category: | dropped |
Size (bytes): | 1864 |
Entropy (8bit): | 6.021127689065198 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping5964_828522034\manifest.fingerprint
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Category: | dropped |
Size (bytes): | 66 |
Entropy (8bit): | 3.9159446964030753 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping5964_828522034\manifest.json
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Category: | dropped |
Size (bytes): | 85 |
Entropy (8bit): | 4.4533115571544695 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping5964_828522034\sets.json
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Category: | dropped |
Size (bytes): | 9748 |
Entropy (8bit): | 4.629326694042306 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Category: | downloaded |
Size (bytes): | 18596 |
Entropy (8bit): | 7.988788312296589 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
URL: | https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Category: | downloaded |
Size (bytes): | 28 |
Entropy (8bit): | 4.2359263506290326 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
URL: | https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISFwnB0oNNC70VJBIFDXhvEhkSBQ3OQUx6?alt=proto |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Category: | downloaded |
Size (bytes): | 18536 |
Entropy (8bit): | 7.986571198050597 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
URL: | https://fonts.gstatic.com/s/roboto/v32/KFOmCnqEu92Fr1Mu4mxK.woff2 |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Category: | downloaded |
Size (bytes): | 8987 |
Entropy (8bit): | 5.053765659962307 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
URL: | https://omar-tnzxoo.github.io/facebook-mobile/index.html |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Category: | downloaded |
Size (bytes): | 2527 |
Entropy (8bit): | 4.958756368330792 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
URL: | https://omar-tnzxoo.github.io/facebook-mobile/style.css |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Category: | downloaded |
Size (bytes): | 16067 |
Entropy (8bit): | 7.88608494847754 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
URL: | https://omar-tnzxoo.github.io/facebook-mobile/assets/icon.png |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Category: | downloaded |
Size (bytes): | 9348 |
Entropy (8bit): | 5.397557097205847 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
URL: | https://fonts.googleapis.com/css2?family=Roboto:wght@300;400;500;700&display=swap |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Category: | dropped |
Size (bytes): | 16067 |
Entropy (8bit): | 7.88608494847754 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Sep 29, 2024 06:07:03.198997974 CEST | 53 | 54349 | 162.159.36.2 | 192.168.2.4 |
Sep 29, 2024 06:07:03.682905912 CEST | 53 | 54349 | 162.159.36.2 | 192.168.2.4 |
Sep 29, 2024 06:07:03.683527946 CEST | 54349 | 53 | 192.168.2.4 | 162.159.36.2 |
Sep 29, 2024 06:07:03.697442055 CEST | 53 | 54349 | 162.159.36.2 | 192.168.2.4 |
Sep 29, 2024 06:07:03.697500944 CEST | 54349 | 53 | 192.168.2.4 | 162.159.36.2 |
Sep 29, 2024 06:07:05.415054083 CEST | 54351 | 443 | 192.168.2.4 | 52.165.165.26 |
Sep 29, 2024 06:07:05.415112019 CEST | 443 | 54351 | 52.165.165.26 | 192.168.2.4 |
Sep 29, 2024 06:07:05.415174007 CEST | 54351 | 443 | 192.168.2.4 | 52.165.165.26 |
Sep 29, 2024 06:07:05.415690899 CEST | 54351 | 443 | 192.168.2.4 | 52.165.165.26 |
Sep 29, 2024 06:07:05.415704012 CEST | 443 | 54351 | 52.165.165.26 | 192.168.2.4 |
Sep 29, 2024 06:07:06.157484055 CEST | 443 | 54351 | 52.165.165.26 | 192.168.2.4 |
Sep 29, 2024 06:07:06.157668114 CEST | 54351 | 443 | 192.168.2.4 | 52.165.165.26 |
Sep 29, 2024 06:07:06.159024954 CEST | 54351 | 443 | 192.168.2.4 | 52.165.165.26 |
Sep 29, 2024 06:07:06.159039021 CEST | 443 | 54351 | 52.165.165.26 | 192.168.2.4 |
Sep 29, 2024 06:07:06.159238100 CEST | 443 | 54351 | 52.165.165.26 | 192.168.2.4 |
Sep 29, 2024 06:07:06.160290003 CEST | 54351 | 443 | 192.168.2.4 | 52.165.165.26 |
Sep 29, 2024 06:07:06.207405090 CEST | 443 | 54351 | 52.165.165.26 | 192.168.2.4 |
Sep 29, 2024 06:07:06.346152067 CEST | 443 | 54351 | 52.165.165.26 | 192.168.2.4 |
Sep 29, 2024 06:07:06.346609116 CEST | 54351 | 443 | 192.168.2.4 | 52.165.165.26 |
Sep 29, 2024 06:07:06.346653938 CEST | 443 | 54351 | 52.165.165.26 | 192.168.2.4 |
Sep 29, 2024 06:07:06.346689939 CEST | 54351 | 443 | 192.168.2.4 | 52.165.165.26 |
Sep 29, 2024 06:07:06.346793890 CEST | 443 | 54351 | 52.165.165.26 | 192.168.2.4 |
Sep 29, 2024 06:07:06.346815109 CEST | 443 | 54351 | 52.165.165.26 | 192.168.2.4 |
Sep 29, 2024 06:07:06.346992970 CEST | 54351 | 443 | 192.168.2.4 | 52.165.165.26 |
Sep 29, 2024 06:07:07.519854069 CEST | 54352 | 443 | 192.168.2.4 | 52.165.165.26 |
Sep 29, 2024 06:07:07.519908905 CEST | 443 | 54352 | 52.165.165.26 | 192.168.2.4 |
Sep 29, 2024 06:07:07.519980907 CEST | 54352 | 443 | 192.168.2.4 | 52.165.165.26 |
Sep 29, 2024 06:07:07.520952940 CEST | 54352 | 443 | 192.168.2.4 | 52.165.165.26 |
Sep 29, 2024 06:07:07.520966053 CEST | 443 | 54352 | 52.165.165.26 | 192.168.2.4 |
Sep 29, 2024 06:07:08.242927074 CEST | 443 | 54352 | 52.165.165.26 | 192.168.2.4 |
Sep 29, 2024 06:07:08.243005037 CEST | 54352 | 443 | 192.168.2.4 | 52.165.165.26 |
Sep 29, 2024 06:07:08.244678020 CEST | 54352 | 443 | 192.168.2.4 | 52.165.165.26 |
Sep 29, 2024 06:07:08.244694948 CEST | 443 | 54352 | 52.165.165.26 | 192.168.2.4 |
Sep 29, 2024 06:07:08.244937897 CEST | 443 | 54352 | 52.165.165.26 | 192.168.2.4 |
Sep 29, 2024 06:07:08.245930910 CEST | 54352 | 443 | 192.168.2.4 | 52.165.165.26 |
Sep 29, 2024 06:07:08.291407108 CEST | 443 | 54352 | 52.165.165.26 | 192.168.2.4 |
Sep 29, 2024 06:07:08.504162073 CEST | 443 | 54352 | 52.165.165.26 | 192.168.2.4 |
Sep 29, 2024 06:07:08.504201889 CEST | 443 | 54352 | 52.165.165.26 | 192.168.2.4 |
Sep 29, 2024 06:07:08.504223108 CEST | 443 | 54352 | 52.165.165.26 | 192.168.2.4 |
Sep 29, 2024 06:07:08.504295111 CEST | 54352 | 443 | 192.168.2.4 | 52.165.165.26 |
Sep 29, 2024 06:07:08.504329920 CEST | 443 | 54352 | 52.165.165.26 | 192.168.2.4 |
Sep 29, 2024 06:07:08.504395962 CEST | 54352 | 443 | 192.168.2.4 | 52.165.165.26 |
Sep 29, 2024 06:07:08.506450891 CEST | 443 | 54352 | 52.165.165.26 | 192.168.2.4 |
Sep 29, 2024 06:07:08.506517887 CEST | 54352 | 443 | 192.168.2.4 | 52.165.165.26 |
Sep 29, 2024 06:07:08.506525040 CEST | 443 | 54352 | 52.165.165.26 | 192.168.2.4 |
Sep 29, 2024 06:07:08.506537914 CEST | 443 | 54352 | 52.165.165.26 | 192.168.2.4 |
Sep 29, 2024 06:07:08.506576061 CEST | 54352 | 443 | 192.168.2.4 | 52.165.165.26 |
Sep 29, 2024 06:07:08.513602972 CEST | 54352 | 443 | 192.168.2.4 | 52.165.165.26 |
Sep 29, 2024 06:07:08.513617992 CEST | 443 | 54352 | 52.165.165.26 | 192.168.2.4 |
Sep 29, 2024 06:07:08.513628960 CEST | 54352 | 443 | 192.168.2.4 | 52.165.165.26 |
Sep 29, 2024 06:07:08.513633966 CEST | 443 | 54352 | 52.165.165.26 | 192.168.2.4 |
Sep 29, 2024 06:07:08.949882030 CEST | 54353 | 443 | 192.168.2.4 | 52.165.165.26 |
Sep 29, 2024 06:07:08.950002909 CEST | 443 | 54353 | 52.165.165.26 | 192.168.2.4 |
Sep 29, 2024 06:07:08.950258017 CEST | 54353 | 443 | 192.168.2.4 | 52.165.165.26 |
Sep 29, 2024 06:07:08.950598001 CEST | 54353 | 443 | 192.168.2.4 | 52.165.165.26 |
Sep 29, 2024 06:07:08.950634003 CEST | 443 | 54353 | 52.165.165.26 | 192.168.2.4 |
Sep 29, 2024 06:07:09.780498981 CEST | 443 | 54353 | 52.165.165.26 | 192.168.2.4 |
Sep 29, 2024 06:07:09.780587912 CEST | 54353 | 443 | 192.168.2.4 | 52.165.165.26 |
Sep 29, 2024 06:07:09.782145977 CEST | 54353 | 443 | 192.168.2.4 | 52.165.165.26 |
Sep 29, 2024 06:07:09.782162905 CEST | 443 | 54353 | 52.165.165.26 | 192.168.2.4 |
Sep 29, 2024 06:07:09.782546043 CEST | 443 | 54353 | 52.165.165.26 | 192.168.2.4 |
Sep 29, 2024 06:07:09.783565998 CEST | 54353 | 443 | 192.168.2.4 | 52.165.165.26 |
Sep 29, 2024 06:07:09.831394911 CEST | 443 | 54353 | 52.165.165.26 | 192.168.2.4 |
Sep 29, 2024 06:07:10.094885111 CEST | 443 | 54353 | 52.165.165.26 | 192.168.2.4 |
Sep 29, 2024 06:07:10.094907045 CEST | 443 | 54353 | 52.165.165.26 | 192.168.2.4 |
Sep 29, 2024 06:07:10.094930887 CEST | 443 | 54353 | 52.165.165.26 | 192.168.2.4 |
Sep 29, 2024 06:07:10.094969988 CEST | 54353 | 443 | 192.168.2.4 | 52.165.165.26 |
Sep 29, 2024 06:07:10.094996929 CEST | 443 | 54353 | 52.165.165.26 | 192.168.2.4 |
Sep 29, 2024 06:07:10.095012903 CEST | 54353 | 443 | 192.168.2.4 | 52.165.165.26 |
Sep 29, 2024 06:07:10.095047951 CEST | 54353 | 443 | 192.168.2.4 | 52.165.165.26 |
Sep 29, 2024 06:07:10.098850012 CEST | 443 | 54353 | 52.165.165.26 | 192.168.2.4 |
Sep 29, 2024 06:07:10.098893881 CEST | 443 | 54353 | 52.165.165.26 | 192.168.2.4 |
Sep 29, 2024 06:07:10.098932981 CEST | 54353 | 443 | 192.168.2.4 | 52.165.165.26 |
Sep 29, 2024 06:07:10.098951101 CEST | 443 | 54353 | 52.165.165.26 | 192.168.2.4 |
Sep 29, 2024 06:07:10.098963976 CEST | 54353 | 443 | 192.168.2.4 | 52.165.165.26 |
Sep 29, 2024 06:07:10.098967075 CEST | 443 | 54353 | 52.165.165.26 | 192.168.2.4 |
Sep 29, 2024 06:07:10.099009037 CEST | 54353 | 443 | 192.168.2.4 | 52.165.165.26 |
Sep 29, 2024 06:07:10.099201918 CEST | 54353 | 443 | 192.168.2.4 | 52.165.165.26 |
Sep 29, 2024 06:07:10.099220037 CEST | 443 | 54353 | 52.165.165.26 | 192.168.2.4 |
Sep 29, 2024 06:07:10.099231005 CEST | 54353 | 443 | 192.168.2.4 | 52.165.165.26 |
Sep 29, 2024 06:07:10.099236012 CEST | 443 | 54353 | 52.165.165.26 | 192.168.2.4 |
Sep 29, 2024 06:07:30.968745947 CEST | 55704 | 53 | 192.168.2.4 | 1.1.1.1 |
Sep 29, 2024 06:07:30.973604918 CEST | 53 | 55704 | 1.1.1.1 | 192.168.2.4 |
Sep 29, 2024 06:07:30.973660946 CEST | 55704 | 53 | 192.168.2.4 | 1.1.1.1 |
Sep 29, 2024 06:07:30.973710060 CEST | 55704 | 53 | 192.168.2.4 | 1.1.1.1 |
Sep 29, 2024 06:07:30.978472948 CEST | 53 | 55704 | 1.1.1.1 | 192.168.2.4 |
Sep 29, 2024 06:07:31.426904917 CEST | 53 | 55704 | 1.1.1.1 | 192.168.2.4 |
Sep 29, 2024 06:07:31.427911043 CEST | 55704 | 53 | 192.168.2.4 | 1.1.1.1 |
Sep 29, 2024 06:07:31.433142900 CEST | 53 | 55704 | 1.1.1.1 | 192.168.2.4 |
Sep 29, 2024 06:07:31.433192015 CEST | 55704 | 53 | 192.168.2.4 | 1.1.1.1 |
Sep 29, 2024 06:07:39.308450937 CEST | 55708 | 443 | 192.168.2.4 | 142.250.74.196 |
Sep 29, 2024 06:07:39.308490992 CEST | 443 | 55708 | 142.250.74.196 | 192.168.2.4 |
Sep 29, 2024 06:07:39.308557987 CEST | 55708 | 443 | 192.168.2.4 | 142.250.74.196 |
Sep 29, 2024 06:07:39.309295893 CEST | 55708 | 443 | 192.168.2.4 | 142.250.74.196 |
Sep 29, 2024 06:07:39.309317112 CEST | 443 | 55708 | 142.250.74.196 | 192.168.2.4 |
Sep 29, 2024 06:07:39.836483002 CEST | 49723 | 80 | 192.168.2.4 | 93.184.221.240 |
Sep 29, 2024 06:07:39.836698055 CEST | 49724 | 80 | 192.168.2.4 | 93.184.221.240 |
Sep 29, 2024 06:07:39.841676950 CEST | 80 | 49723 | 93.184.221.240 | 192.168.2.4 |
Sep 29, 2024 06:07:39.841739893 CEST | 49723 | 80 | 192.168.2.4 | 93.184.221.240 |
Sep 29, 2024 06:07:39.842278004 CEST | 80 | 49724 | 93.184.221.240 | 192.168.2.4 |
Sep 29, 2024 06:07:39.842335939 CEST | 49724 | 80 | 192.168.2.4 | 93.184.221.240 |
Sep 29, 2024 06:07:39.963224888 CEST | 443 | 55708 | 142.250.74.196 | 192.168.2.4 |
Sep 29, 2024 06:07:39.970519066 CEST | 55708 | 443 | 192.168.2.4 | 142.250.74.196 |
Sep 29, 2024 06:07:39.970536947 CEST | 443 | 55708 | 142.250.74.196 | 192.168.2.4 |
Sep 29, 2024 06:07:39.971355915 CEST | 443 | 55708 | 142.250.74.196 | 192.168.2.4 |
Sep 29, 2024 06:07:39.972064018 CEST | 55708 | 443 | 192.168.2.4 | 142.250.74.196 |
Sep 29, 2024 06:07:39.972242117 CEST | 443 | 55708 | 142.250.74.196 | 192.168.2.4 |
Sep 29, 2024 06:07:40.023798943 CEST | 55708 | 443 | 192.168.2.4 | 142.250.74.196 |
Sep 29, 2024 06:07:49.867754936 CEST | 443 | 55708 | 142.250.74.196 | 192.168.2.4 |
Sep 29, 2024 06:07:49.867837906 CEST | 443 | 55708 | 142.250.74.196 | 192.168.2.4 |
Sep 29, 2024 06:07:49.867897987 CEST | 55708 | 443 | 192.168.2.4 | 142.250.74.196 |
Sep 29, 2024 06:07:50.963363886 CEST | 55708 | 443 | 192.168.2.4 | 142.250.74.196 |
Sep 29, 2024 06:07:50.963393927 CEST | 443 | 55708 | 142.250.74.196 | 192.168.2.4 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Sep 29, 2024 06:06:35.983374119 CEST | 192.168.2.4 | 1.1.1.1 | 0x77ff | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Sep 29, 2024 06:06:35.983562946 CEST | 192.168.2.4 | 1.1.1.1 | 0xd0be | Standard query (0) | 65 | IN (0x0001) | false | |
Sep 29, 2024 06:06:39.183841944 CEST | 192.168.2.4 | 1.1.1.1 | 0x699c | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Sep 29, 2024 06:06:39.184104919 CEST | 192.168.2.4 | 1.1.1.1 | 0x8862 | Standard query (0) | 65 | IN (0x0001) | false | |
Sep 29, 2024 06:06:41.844738007 CEST | 192.168.2.4 | 1.1.1.1 | 0x419a | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Sep 29, 2024 06:06:41.845052004 CEST | 192.168.2.4 | 1.1.1.1 | 0xac2c | Standard query (0) | 65 | IN (0x0001) | false | |
Sep 29, 2024 06:07:03.711086035 CEST | 192.168.2.4 | 1.1.1.1 | 0xa701 | Standard query (0) | PTR (Pointer record) | IN (0x0001) | false | |
Sep 29, 2024 06:07:39.298681021 CEST | 192.168.2.4 | 1.1.1.1 | 0x1727 | Standard query (0) | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Sep 29, 2024 06:06:35.991734982 CEST | 1.1.1.1 | 192.168.2.4 | 0x77ff | No error (0) | 185.199.109.153 | A (IP address) | IN (0x0001) | false | ||
Sep 29, 2024 06:06:35.991734982 CEST | 1.1.1.1 | 192.168.2.4 | 0x77ff | No error (0) | 185.199.110.153 | A (IP address) | IN (0x0001) | false | ||
Sep 29, 2024 06:06:35.991734982 CEST | 1.1.1.1 | 192.168.2.4 | 0x77ff | No error (0) | 185.199.108.153 | A (IP address) | IN (0x0001) | false | ||
Sep 29, 2024 06:06:35.991734982 CEST | 1.1.1.1 | 192.168.2.4 | 0x77ff | No error (0) | 185.199.111.153 | A (IP address) | IN (0x0001) | false | ||
Sep 29, 2024 06:06:39.190707922 CEST | 1.1.1.1 | 192.168.2.4 | 0x699c | No error (0) | 142.250.185.132 | A (IP address) | IN (0x0001) | false | ||
Sep 29, 2024 06:06:39.190812111 CEST | 1.1.1.1 | 192.168.2.4 | 0x8862 | No error (0) | 65 | IN (0x0001) | false | |||
Sep 29, 2024 06:06:41.853647947 CEST | 1.1.1.1 | 192.168.2.4 | 0x419a | No error (0) | 185.199.110.153 | A (IP address) | IN (0x0001) | false | ||
Sep 29, 2024 06:06:41.853647947 CEST | 1.1.1.1 | 192.168.2.4 | 0x419a | No error (0) | 185.199.109.153 | A (IP address) | IN (0x0001) | false | ||
Sep 29, 2024 06:06:41.853647947 CEST | 1.1.1.1 | 192.168.2.4 | 0x419a | No error (0) | 185.199.108.153 | A (IP address) | IN (0x0001) | false | ||
Sep 29, 2024 06:06:41.853647947 CEST | 1.1.1.1 | 192.168.2.4 | 0x419a | No error (0) | 185.199.111.153 | A (IP address) | IN (0x0001) | false | ||
Sep 29, 2024 06:06:47.279798985 CEST | 1.1.1.1 | 192.168.2.4 | 0xcf5e | No error (0) | 199.232.210.172 | A (IP address) | IN (0x0001) | false | ||
Sep 29, 2024 06:06:47.279798985 CEST | 1.1.1.1 | 192.168.2.4 | 0xcf5e | No error (0) | 199.232.214.172 | A (IP address) | IN (0x0001) | false | ||
Sep 29, 2024 06:06:47.792006016 CEST | 1.1.1.1 | 192.168.2.4 | 0xb84f | No error (0) | fp2e7a.wpc.phicdn.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Sep 29, 2024 06:06:47.792006016 CEST | 1.1.1.1 | 192.168.2.4 | 0xb84f | No error (0) | 192.229.221.95 | A (IP address) | IN (0x0001) | false | ||
Sep 29, 2024 06:07:01.180696011 CEST | 1.1.1.1 | 192.168.2.4 | 0xc148 | No error (0) | fp2e7a.wpc.phicdn.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Sep 29, 2024 06:07:01.180696011 CEST | 1.1.1.1 | 192.168.2.4 | 0xc148 | No error (0) | 192.229.221.95 | A (IP address) | IN (0x0001) | false | ||
Sep 29, 2024 06:07:03.732239962 CEST | 1.1.1.1 | 192.168.2.4 | 0xa701 | Name error (3) | none | none | PTR (Pointer record) | IN (0x0001) | false | |
Sep 29, 2024 06:07:39.306382895 CEST | 1.1.1.1 | 192.168.2.4 | 0x1727 | No error (0) | 142.250.74.196 | A (IP address) | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.4 | 49735 | 185.199.109.153 | 443 | 3020 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-09-29 04:06:36 UTC | 690 | OUT | |
2024-09-29 04:06:36 UTC | 735 | IN | |
2024-09-29 04:06:36 UTC | 1378 | IN | |
2024-09-29 04:06:36 UTC | 1378 | IN | |
2024-09-29 04:06:36 UTC | 1378 | IN | |
2024-09-29 04:06:36 UTC | 1378 | IN | |
2024-09-29 04:06:36 UTC | 1378 | IN | |
2024-09-29 04:06:36 UTC | 1378 | IN | |
2024-09-29 04:06:36 UTC | 719 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.4 | 49736 | 185.199.109.153 | 443 | 3020 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-09-29 04:06:36 UTC | 592 | OUT | |
2024-09-29 04:06:37 UTC | 733 | IN | |
2024-09-29 04:06:37 UTC | 1378 | IN | |
2024-09-29 04:06:37 UTC | 1149 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.4 | 49745 | 184.28.90.27 | 443 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-09-29 04:06:40 UTC | 161 | OUT | |
2024-09-29 04:06:41 UTC | 467 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
3 | 192.168.2.4 | 49746 | 185.199.109.153 | 443 | 3020 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-09-29 04:06:41 UTC | 644 | OUT | |
2024-09-29 04:06:41 UTC | 742 | IN | |
2024-09-29 04:06:41 UTC | 1378 | IN | |
2024-09-29 04:06:41 UTC | 1378 | IN | |
2024-09-29 04:06:41 UTC | 1378 | IN | |
2024-09-29 04:06:41 UTC | 1378 | IN | |
2024-09-29 04:06:41 UTC | 1378 | IN | |
2024-09-29 04:06:41 UTC | 1378 | IN | |
2024-09-29 04:06:41 UTC | 1378 | IN | |
2024-09-29 04:06:41 UTC | 1378 | IN | |
2024-09-29 04:06:41 UTC | 1378 | IN | |
2024-09-29 04:06:41 UTC | 1378 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
4 | 192.168.2.4 | 49747 | 185.199.110.153 | 443 | 3020 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-09-29 04:06:42 UTC | 376 | OUT | |
2024-09-29 04:06:42 UTC | 740 | IN | |
2024-09-29 04:06:42 UTC | 1378 | IN | |
2024-09-29 04:06:42 UTC | 1378 | IN | |
2024-09-29 04:06:42 UTC | 1378 | IN | |
2024-09-29 04:06:42 UTC | 1378 | IN | |
2024-09-29 04:06:42 UTC | 1378 | IN | |
2024-09-29 04:06:42 UTC | 1378 | IN | |
2024-09-29 04:06:42 UTC | 1378 | IN | |
2024-09-29 04:06:42 UTC | 1378 | IN | |
2024-09-29 04:06:42 UTC | 1378 | IN | |
2024-09-29 04:06:42 UTC | 1378 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
5 | 192.168.2.4 | 49748 | 184.28.90.27 | 443 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-09-29 04:06:42 UTC | 239 | OUT | |
2024-09-29 04:06:42 UTC | 515 | IN | |
2024-09-29 04:06:42 UTC | 55 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
6 | 192.168.2.4 | 49749 | 52.165.165.26 | 443 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-09-29 04:06:47 UTC | 306 | OUT | |
2024-09-29 04:06:47 UTC | 560 | IN | |
2024-09-29 04:06:47 UTC | 15824 | IN | |
2024-09-29 04:06:47 UTC | 8666 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
7 | 192.168.2.4 | 54351 | 52.165.165.26 | 443 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-09-29 04:07:06 UTC | 124 | OUT | |
2024-09-29 04:07:06 UTC | 318 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
8 | 192.168.2.4 | 54352 | 52.165.165.26 | 443 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-09-29 04:07:08 UTC | 306 | OUT | |
2024-09-29 04:07:08 UTC | 560 | IN | |
2024-09-29 04:07:08 UTC | 15824 | IN | |
2024-09-29 04:07:08 UTC | 8666 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
9 | 192.168.2.4 | 54353 | 52.165.165.26 | 443 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-09-29 04:07:09 UTC | 306 | OUT | |
2024-09-29 04:07:10 UTC | 560 | IN | |
2024-09-29 04:07:10 UTC | 15824 | IN | |
2024-09-29 04:07:10 UTC | 14181 | IN |
Target ID: | 0 |
Start time: | 00:06:27 |
Start date: | 29/09/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff76e190000 |
File size: | 3'242'272 bytes |
MD5 hash: | 45DE480806D1B5D462A7DDE4DCEFC4E4 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | false |
Target ID: | 1 |
Start time: | 00:06:33 |
Start date: | 29/09/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff76e190000 |
File size: | 3'242'272 bytes |
MD5 hash: | 45DE480806D1B5D462A7DDE4DCEFC4E4 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | false |
Target ID: | 3 |
Start time: | 00:06:34 |
Start date: | 29/09/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff76e190000 |
File size: | 3'242'272 bytes |
MD5 hash: | 45DE480806D1B5D462A7DDE4DCEFC4E4 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | true |
Target ID: | 4 |
Start time: | 00:06:37 |
Start date: | 29/09/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff76e190000 |
File size: | 3'242'272 bytes |
MD5 hash: | 45DE480806D1B5D462A7DDE4DCEFC4E4 |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | false |
Target ID: | 5 |
Start time: | 00:06:38 |
Start date: | 29/09/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff76e190000 |
File size: | 3'242'272 bytes |
MD5 hash: | 45DE480806D1B5D462A7DDE4DCEFC4E4 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | true |